It was only a few weeks ago that several high-profile sites such as LinkedIn were caught not properly storing passwords, making it far too easy for the hackers who stole them to crack them. If major websites can't get password storage right, you can bet that most websites can't. I made a suggestion to websites everywhere to start advertising how they store passwords if they want to earn their customers' trust by demonstrating that they do it correctly. The idea was a big hit with end-users but I haven't seen any websites try it out yet.
If most websites can't get password storage right, you can also bet they can't get storage of the actual content you are trusting them with right, either. The private documents that you stored with your favorite cloud service are probably not encrypted in a way that only your account can decrypt, if they're encrypted at all. The mobile app or website you use to access those documents may send your password and your files "in the clear," enabling that shady-looking person on the other side of the café to snoop on you. They may advertise that they use encrypted connections but then disable certificate verification in the mobile app so as to "not complicate the interface." Someone could hijack your connection and the app would never notify you of the error. I have seen all of these problems in real-world cloud apps used by thousands of people.
If you follow any tech blogs, you've heard all these warnings before. Over the Independence Day holiday, however, I found a different kind of privacy violation in a fun little app that sounds like a great idea. The premise is this: your phone has a GPS in it, right? It's a messaging app which posts messages to other people running the same app who are physically near you. It does not have a username or password, so it's anonymous, or so the advertising information claims. Suggested uses are for chatting with your classmates, with other people attending the same event, or for organizing a political rally. The fact that you are physically present is all the "identification" you need to certify yourself to the other participants. In fact, this app hit it big with the Occupy protest movement, who read online or heard from their friends that it was an anonymous short-range messaging system.